[Encore] MOOtcan URLs
jung at uib.no
Thu May 24 14:08:30 MDT 2007
Jean-Marc Giffin wrote:
> Does anyone know what interprets the URLS inputted into MOOtcan?
> Is it MOOtcan itself, or something on the server, or an enCore object?
> Where specifically is the process located, if at all accessible?
Three questions. three answers:
i. Of course someone knows... :)
ii. An object produces the string, the server sends it to the client,
the client handles it.
iii. In $string_utils:mootcan_url(), but please let me explain the
background first. I hope this will be clear--if not, please do NOT
hesitate to ask again.
There are two applets available: (1) MOOtcan and (2) the v5 HTML Chat
applet. MOOtcan comes in different releases, while there is only one v5
applet. enCore v5 is designed in a way that it needs the v5 applet. This
applet is more flexible, more secure and more slim. It doesn't display
text at all, all it does is handle the update of the different frames,
one of which is the Chat frame. The applet is designed in a way that it
doesnæt work with anything other than v5 instructions.
Traditionally (enCore versions 1-3), the MOOtcan applet accepted strings
and displayed it automatically in the web frame. The Java applet had
this information hardcoded: Whenever a string like that arrives, put the
link location in the web frame.
Now, this was not satisfactory, and Jan Rune altered MOOtcan to accept
two targets: (1) web frame, (2) _blank, in order to show URLs (for
example from the @URL command) in a blank window of its own. Still, this
was hardcoded in the applet.
With the new frames in v5, we needed another solution. More frames
needed to be addressed: web frame, player frame, chat frame, even the
menu frame. Plus, it would be nice to have arbitrary frames (like
moo_document or whatever) reused. So we changed it to not be hardcoded
in the applet, but receive an instruction from the moo as to where to
put the link location.
So now the moo->client URL command string goes like this
<http://something.tld web_frame 34652536782>.
where there are three parts: the LINK, the TARGET frame and a CONTROL
code. This control code prevents malicious use of the Java
showDocument() method. Only the moo and the client applet know the code,
i.e., only moo-written (wizardly) moo->client URL command strings will
In other words, you aren't able to produce those strings on your own any
more, but you rely on calling a wizard verb that does it for you
hiddenly; this verb has some security measures to prevent missuse.
Note too that this this only works for one user at a time. If you want
to display something to a number of people, you must produce a new
string for each of them, as all of them would have different control codes.
The verb is $encore_web_utils:mootcan_url(user, url, target) which in
turn calls $string_utils:mootcan_url(user, url, target). They must be
called with wiz perms. It produces a personalized string for exactly
that user that is the first argument.
When printed to this user, the user's client (v5 applet) catches the
string, validates the control code and if correct, calls the internal
Java showDoc() method with two arguments: LINK and TARGET frame.
So when the new database (v5 based) sends a string like
<http://moo.tld:7000/player_frame647382 PLAYER_FRAME 463728>.
(which is supposed to update the player frame and nothing else) to an
old applet (ALL MOOtcan versions are old in this regard!) the TARGET
information is swallowed, and the link is put into what is hardcoded as
default, i.e., ... right: web_frame.
Hope that helped.
More information about the Encore